CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-27644 – NETGEAR R6700v3 Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-27644
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-520 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-27646 – NETGEAR R6700v3 circled Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-523 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-45595
https://notcve.org/view.php?id=CVE-2021-45595
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a LBR20 versiones anteriores a 2.6.3.50, RBS50Y versiones anteriores a 2.7.3.22, RBR10 versiones anteriores a 2.7.3.22, RBR20 versiones anteriores a 2.7.3.22, RBR40 versiones anteriores a 2.7.3.22, RBR50 versiones anteriores a 2.7.3.22, RBS10 versiones anteriores a 2.7. 3.22, RBS20 versiones anteriores a 2.7.3.22, RBS40 versiones anteriores a 2.7.3.22, RBS50 versiones anteriores a 2.7.3.22, RBK12 versiones anteriores a 2.7.3.22, RBK20 versiones anteriores a 2.7.3.22, RBK40 versiones anteriores a 2.7.3.22 y RBK50 versiones anteriores a 2.7.3.22 • https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2021-45602
https://notcve.org/view.php?id=CVE-2021-45602
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. Determinados dispositivos NETGEAR están afectados por una inyección de comandos por parte de un usuario autenticado. Esto afecta a D7800 versiones anteriores a 1.0.1.66, a EX2700 versiones anteriores a 1.0.1.68, al WN3000RPv2 versiones anteriores a 1.0.0.90, al WN3000RPv3 versiones anteriores a 1.0.2.100, a LBR1020 versiones anteriores a 2.6.5.20, a LBR20 versiones anteriores a 2.6.5.32, a R6700AX versiones anteriores a 1.0.10.110, a R7800 versiones anteriores a 1.0.2.86, a R8900 versiones anteriores a 1. 0.5.38, R9000 versiones anteriores a 1.0.5.38, RAX10 versiones anteriores a 1.0.10.110, RAX120v1 versiones anteriores a 1.2.3.28, RAX120v2 versiones anteriores a 1.2.3.28, RAX70 versiones anteriores a 1.0.10.110, RAX78 versiones anteriores a 1.0.10.110, XR450 versiones anteriores a 2.3.2.130, XR500 versiones anteriores a 2.3.2.130 y XR700 versiones anteriores a 1.0.1.46 • https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2021-45603
https://notcve.org/view.php?id=CVE-2021-45603
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. Determinados dispositivos NETGEAR están afectados por una divulgación de información confidencial. Una petición UPnP revela el número de serie de un dispositivo, que puede ser usado para restablecer la contraseña. • https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •